WO2000074298A1 - Technique d'etablissement de double de connaissances reparties et de recuperation d'une cle de chiffrement - Google Patents

Technique d'etablissement de double de connaissances reparties et de recuperation d'une cle de chiffrement Download PDF

Info

Publication number
WO2000074298A1
WO2000074298A1 PCT/US2000/013381 US0013381W WO0074298A1 WO 2000074298 A1 WO2000074298 A1 WO 2000074298A1 US 0013381 W US0013381 W US 0013381W WO 0074298 A1 WO0074298 A1 WO 0074298A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
cryptographic key
data segments
random number
cryptographic
Prior art date
Application number
PCT/US2000/013381
Other languages
English (en)
Inventor
George M. Brookner
Lorenz R. Frey
Original Assignee
Ascom Hasler Mailing Systems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ascom Hasler Mailing Systems, Inc. filed Critical Ascom Hasler Mailing Systems, Inc.
Priority to EP00937559A priority Critical patent/EP1183816A4/fr
Priority to CA2374968A priority patent/CA2374968C/fr
Publication of WO2000074298A1 publication Critical patent/WO2000074298A1/fr
Priority to US11/708,750 priority patent/US7916871B2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Definitions

  • the present invention is directed to a technique for secure communications, and in particular to a private/public key cryptographic scheme for such communications.
  • a postal security device In prior art, a postal security device (PSD) is used in a franking system for storing a fund therein for postage dispensation. When the stored fund runs out, a data center needs to be contacted to download more funds into the PSD such that it can continue to issue postage. Because of the sensitive nature of the communications between the PSDs and the data center, which involves the transfer of funds, the critical funds-related communications are typically encrypted and/or cryptographically signed.
  • each PSD contains a private/public key set in accordance with a well known cryptographic methodology.
  • the private key of each PSD is used to encrypt and cryptographically sign a message to be sent to the data center, which has knowledge of each PSD ' s public key.
  • the data center decrypts and verifies the authenticity of the message using the public key associated with the particular PSD.
  • the resulting cleartext message may contain, among others, a request for additional funds to be downloaded into the PSD.
  • the data center then sends a response message to the PSD authorizing the further issuance of postage (i.e. downloading funds to the PSD) . It is also typical that such a response message is cryptographically signed by the data center.
  • the data center has at least one private key therein to sign the response message .
  • the public key corresponding to such a private key is known by the PSDs served by the data center, and is used by the PSDs to authenticate the response message.
  • the private key of the data center be kept secret.
  • the private key is securely maintained in a module known as a security device (SD) , which may be a secured personal computer (PC), in the data center.
  • SD security device
  • PC personal computer
  • a cryptographic key e.g., a private key, in the above- described data center
  • a cryptographic key is processed to generate multiple data segments from which the cryptographic key is recoverable.
  • At least one of the data segments is a function of a random number and at least part of the cryptographic key.
  • the data segments are provided to trusted entities, e.g., individuals, for safe keeping thereof. Each entity has no knowledge of the data segment provided to another entity.
  • the trusted entities are required to input the respective data segments into a system where they are recombined to yield the original key.
  • error checking is performed to verify that the recovered key is identical to the original key.
  • Fig. 1 illustrates an arrangement which includes a franking system capable of communicating with a data center m accordance with the invention
  • Fig. 2 is a flow diagram illustrating the process by which a first trusted entity obtains its key segment for recovering a private key m the data center;
  • Fig. 3 is a flow diagram illustrating the process by which a second trusted entity obtains its key segment for recovering the private key
  • Fig. 4 is a flow diagram illustrating the process by which the first trusted entity inputs its key segment ;
  • Fig. 5 is a flow diagram illustrating the process by which the second trusted entity enters its key segment
  • Fig. 6 is a flow diagram illustrating a process for verifying that a restored private key is identical to the original private key
  • Figs. 7A and 7B jointly illustrate a process for deriving key segments from the original private key.
  • Fig. 1 illustrates an arrangement embodying the principles of the invention.
  • this arrangement includes franking system 100 which in cooperation with data center 125 generates postage indicia serving as proof of postage.
  • System 100 includes computer 105 of conventional design, printer 115, postal security device (PSD) 110 capable of authorizing printing of postage indicia on printer 115, and modem 120 for communications with data center 125.
  • PSD postal security device
  • the arrangement of Fig. 1 may be used for a variety of purposes other than the printing of postage indicia.
  • the arrangement may also be used for issuing tickets such as lottery tickets and event tickets.
  • Data center 125 includes key management system
  • K S security device
  • SD security device
  • I/O interface 140 for input/output of information.
  • KMS 135 and SD 130 interact with each other to provide the facility to back up and recover at least one cryptographic key, e.g., private key 133, stored in SD 130.
  • PSD 110 is used for storing a fund therein for postage dispensation.
  • PSD 110 needs to communicate with data center 125 to download more funds thereto such that it can continue to issue postage.
  • the critical funds-related communications are encrypted and/or cryptographically signed.
  • KMS 135 in this instance cryptographically signs messages to PSD 110 using private key 133, in accordance with the well known digital signature algorithm (DSA) pursuant to the Digital Signature Standard (DSS) , described in Federal Information Processing Standards Publication (FIPS Pub)
  • the resulting message may be authenticated in PSD 110 using the public key (not shown) therein corresponding to private key 133. It should be noted that one may utilize, instead of the DSA, the RSA or Elliptic Curve or other well known cryptographic methodology for data authentication purposes.
  • a private key e.g., private key 133
  • a data center such as through tampering or equipment failure
  • multiple key segments are generated based on private key 133, which are respectively distributed to trusted entities, e.g., trusted users. Each trusted entity has no knowledge of others' key segments.
  • Each key segment may be recorded m a recordable medium, e.g., a printout or a storage device .
  • the original key can be restored only when all of the trusted entities produce the respective key segments, based on which the original key is reconstructed.
  • KMS 135 and SD 130 m data center 125 interact with each other to provide the facility to back up and recover private key 133 m accordance with the invention.
  • the input and output of key segment information is accomplished using I/O interface 140.
  • key segment information is output from data center 125 m the form of a printout using a printer connected to interface 140.
  • the key segment information may be downloaded directly into a storage device connected to interface 140.
  • a trusted user may enter key segment information into data center 125 via a keyboard connected to interface 140 after the user reads from a printout recording the key segment information.
  • it may be entered by direct communication from a storage device storing the key segment information through interface 140.
  • SD 130 is used to manage private key 133 and the key segment generation algorithms within its secure boundary.
  • private key 133 is maintained m an environment separate from the processing system of KMS 135 which handles all interactions between SD 130 and the users, yet interconnected for normal working application.
  • PINs personal identification numbers
  • identifying the trusted users are stored within SD 130. These PINs are preassigned to the users, respectively.
  • SD 130 includes within its microprocessor system, among other software/firmware applications, critical security-related functionalities such as a library to carry out modular long integer mathematics; the capability of generating random numbers, which is compatible with FIPS Pub 140-1, or other accepted standard for self-tests of the random number generation capability; generation and verification of DSA signatures in accordance with the DSS, and all PIN related functions.
  • critical security-related functionalities such as a library to carry out modular long integer mathematics; the capability of generating random numbers, which is compatible with FIPS Pub 140-1, or other accepted standard for self-tests of the random number generation capability; generation and verification of DSA signatures in accordance with the DSS, and all PIN related functions.
  • SD 130 includes such specific functionalities as an identity-based access control mechanism based on the use of the PINs; a highly privileged function to output private key 133 for the key segmenting operation in accordance with the invention; a highly privileged function to enter key material for the key recovery operation; generation of error codes; and a self-test to check the correct segmentation of private key 133, e.g., by comparing bitwise private key 133 with the bitwise exclusive-OR value of key segments.
  • two or more users are entrusted with key segments in accordance with the invention.
  • two users are entrusted with the following Key Segment 1 and Key Segment 2, respectively:
  • R represents a random number or bit string
  • X represents private key 133
  • Fig. 2 illustrates the process for generating Key Segment 1 for a first user in accordance with the invention
  • KMS 135 prompts the first user for entry of his/her PIN.
  • the first user enters PIN1 identifying him/her through I/O interface 140.
  • PIN1 is then sent to SD 130.
  • SD 130 verifies PIN1 by comparing it to the previously established PIN for the first user. SD 130 then generates a random number R.
  • R is a 160 bit number, but a random number of another bit length may be used.
  • a true random number is generated by SD 130.
  • the random number may be generated using a pseudorandom number generator, for example, the one described in Appendix C of ANSI standard X9.17 (Financial Institution Key Management (Wholesale) ) .
  • the hash of R is then computed, resulting in h(R) .
  • the hash function used in this illustrative embodiment is the secure hash algorithm (SHA-1) described in FIPS Pub 180-1. However, another well known secure one-way hash algorithm may be used, instead.
  • SD 130 then computes the hash of private key 133, resulting in h(X) . In this instance, private key 133 is a 160 bit number, although a key of another length may be utilized.
  • the random number R, the hash of the random number h(R) , and the hash of private key 133 h(X) are then sent to KMS 135.
  • KMS 135 independently calculates the hash of received random number R, and compares it with the received h(R) to ensure that there is a match. If there is no match, KMS 135 sets an error condition (EC) to 1. The process is then aborted and an error is indicated, e.g., through a display mechanism (not shown) connected to interface 140.
  • KMS 135 erases or otherwise makes unavailable all traces of data from SD 130, which includes the random number R, and the hash values h(R) and h (X) .
  • KMS 135 also ensures that none of such data remains in any auxiliary device, for example, in a non-volatile memory of a printer. KMS 135 then confirms correct termination of the process. Thus, with the printout, the first user is in possession of Key Segment 1, i.e., R, along with the values h(R) and h (X) associated therewith.
  • Fig. 3 illustrates the process for generating Key Segment 2 for a second user in accordance with the invention.
  • KMS 135 prompts the second user for a PIN.
  • the second user enters his previously established PIN, denoted PIN2 , which is sent to SD 130.
  • PIN2 the previously established PIN
  • SD 130 verifies the identity of the second user by matching the received PIN2 with the previously established PIN for the second user.
  • SD 130 calculates the bitwise exclusive-OR of the random number R and private key X, and performs a hash function on the result.
  • KMS 135 (a) the bitwise exclusive-OR of the random number R and private key X, i.e., R ⁇ X, (b) the hash of the bitwise exclusive-OR of the random number R and private key X, i.e., h(R ⁇ X) , and (c) the hash of the private key X, i.e., h(X) .
  • KMS 135 erases all traces of data received from SD 130, and ensures that any auxiliary devices do not contain any such data. KMS 135 then confirms correct termination of the process to SD 130.
  • the second user is m possession of Key Segment 2, i.e., R ®
  • Key Segments 1 and 2 and their associated hash values are respectively archived by the first and second users at separate locations geographically different from where SD 130 resides.
  • the users independently secure their respective key segments and associated hash values, which may be encrypted and which may be recorded in printouts, storage devices or other recordable mediums.
  • the latter may be kept in a secure environment, e.g., a safe, and each user has no access to the other's key segment information.
  • each user may record all necessary identification information, such as the date of generation of his/her key segment and the identification of the user receiving the key segment .
  • Fig. 4 illustrates a process whereby the first user enters Key Segment 1 to SD 130.
  • KMS 135 prompts the first user for entry of his/her PIN.
  • PIN1 which is sent to SD 130.
  • PIN1 which is sent to SD 130.
  • SD 130 verifies whether the correct PIN has been entered, and indicates any success of the PIN verification to KMS 135.
  • KMS 135 prompts the first user for the entry of Key Segment 1, i.e., R.
  • the first user enters Key Segment 1 (R) .
  • KMS 135 computes the hash of R and displays the result.
  • the first user compares the hash value generated by KMS 135 with the corresponding h (R) previously provided to him/her in the process of Fig. 2. If there is no match, then it is determined that an error has occurred, and the step in box 417 may be repeated by the user for a predetermined number of trials. When the predetermined number of trials is exceeded, the process is aborted.
  • KMS 135 sends Key Segment 1 (R) to SD 130, and erases all traces of Key Segment 1 from the memory of KMS 135 and any auxiliary devices used during the process .
  • Fig. 5 illustrates a process whereby the second user enters Key Segment 2 to SD 130.
  • KMS 135 prompts the second user for his/her PIN.
  • the second user enters PIN2 , which is sent to SD 130.
  • SD 130 verifies whether the correct PIN has been entered and indicates any success of the verification to KMS 135.
  • KMS 135 prompts the second user for entry of Key Segment 2, i.e., R ⁇ X.
  • the second user enters Key Segment 2 (R ® X) to KMS 135.
  • KMS 135 computes h(R ® X) and displays the result.
  • the second user compares the hash value generated by KMS 135 with the corresponding h(R ⁇ X) previously provided to him/her in the process of Fig. 3. If there is no match, it is determined that an error has occurred, and the step in box 525 may be repeated by the second user for a predetermined number of trials. If the predetermined number of trials is exceeded, the process is aborted. In box 528, KMS 135 sends Key
  • Segment 2 (R ⁇ X) to SD 130 and erases all traces of Key Segment 2 from the memory of KMS 135 and any auxiliary devices used during the process.
  • Fig. 6 illustrates the process used for recovering private key 133 and verification of the recovered private key.
  • SD 130 recovers private key X by performing a bitwise exclusive-OR of Key Segment 1 (R) entered by the first user and Key Segment 2
  • SD 130 then computes the hash value of the recovered private key X, i.e., h(X), and sends it to KMS 135.
  • KMS 135 displays the computed h(X) .
  • the first user compares the displayed hash value with the corresponding h(X) previously provided to him/her m the process of Fig. 2.
  • the second user similarly compares the displayed hash value with the corresponding h(X) previously provided to him/her m the process of Fig. 3. This comparison by each of the users is performed independently, without either user seeing the other's record.
  • m box 633 KMS 135 signals to SD 130 that private key 133 is restored and verified. Otherwise, if any of the comparisons does not result m a match, the process is aborted.
  • M users are entrusted with key segments, respectively, based on which the original key is recovered, where M represents an integer greater than or equal to two.
  • M 2 case
  • M > 2 cases similarly follow. For instance, in an M > 2 case, M users may be entrusted with the respective M key segments as follows:
  • FIGs. 7A and 7B jointly illustrate the process whereby X 1# X 2 ... and X M 1 are derived from private key 133, denoted X.
  • X is divided into M-1 portions, denoted portion 1, portion 2, ..., and portion M- 1. It should be noted that portions 1 through M-1 may be m different lengths.
  • X 1 is a bit string as long as X, which includes the same bits and their bit positions as portion 1 of X, with the rest of the bit string stuffed with bits "0" .
  • X 2 is a bit string which includes the same bits and their bit positions as portion 2 of X, with the rest of the bit string stuffed with bits "0"; ...; and X H 1 ⁇ s a bit string which includes the same bits and their bit positions as portion M-1 of X, with the rest of the bit string stuffed with bits "0" .
  • the invention generally applies to other systems and methods where the integrity of a cryptographic key is important, and a secure backup of such a cryptographic key is desirable.
  • the key segments received by the trusted entities may be weighted. For example, in a three-key- segment scheme, one key segment may be privileged or accorded more weight than the other two key segments in that it would allow recovery of private key 133 based on the privileged key segment, combined with either of the other two key segments.
  • system 100 and data center 125 are disclosed herein in a form in which various functions are performed by discrete functional blocks. However, any one or more of these functions could equally well be embodied in an arrangement in which the functions of any one or more of those blocks or indeed, all of the functions thereof, are realized, for example, by one or more appropriate memories, and/or appropriately programmed processors.

Abstract

Dans un environnement de chiffrement protégé, un double d'une clé privée d'un mécanisme de chiffrement par clé privée/publique doit être effectué et récupéré en cas de perte ou d'altération de la clé privée. Pour faire le double de la clé privée, des segments de clé multiples sont générés sur la base de la clé privée et son distribués à un nombre correspondant de personnes de confiance ne connaissant que le segment de clé en leur possession. Le clé ne peut être rétablie (629) que lorsque toutes les personnes de confiance produisent les segments de clé respectifs, selon la clé privée d'origine à reconstituer (629). Par ailleurs, chaque personne de confiance est identifiable de manière unique par un numéro d'identification personnel. Pour un meilleur résultat, la clé privée, qui est secrète, peut être copiée et reconstituée (629) sans que la personne connaisse la clé dans son intégralité.
PCT/US2000/013381 1999-05-26 2000-05-16 Technique d'etablissement de double de connaissances reparties et de recuperation d'une cle de chiffrement WO2000074298A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP00937559A EP1183816A4 (fr) 1999-05-26 2000-05-16 Technique d'etablissement de double de connaissances reparties et de recuperation d'une cle de chiffrement
CA2374968A CA2374968C (fr) 1999-05-26 2000-05-16 Technique d'etablissement de double de connaissances reparties et de recuperation d'une cle de chiffrement
US11/708,750 US7916871B2 (en) 1999-05-26 2007-02-21 Technique for split knowledge backup and recovery of a cryptographic key

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13595399P 1999-05-26 1999-05-26
US60/135,953 1999-05-26

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US09979343 A-371-Of-International 2000-05-16
US11/708,750 Continuation US7916871B2 (en) 1999-05-26 2007-02-21 Technique for split knowledge backup and recovery of a cryptographic key

Publications (1)

Publication Number Publication Date
WO2000074298A1 true WO2000074298A1 (fr) 2000-12-07

Family

ID=22470544

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/013381 WO2000074298A1 (fr) 1999-05-26 2000-05-16 Technique d'etablissement de double de connaissances reparties et de recuperation d'une cle de chiffrement

Country Status (4)

Country Link
US (1) US7916871B2 (fr)
EP (1) EP1183816A4 (fr)
CA (1) CA2374968C (fr)
WO (1) WO2000074298A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6473743B1 (en) * 1999-12-28 2002-10-29 Pitney Bowes Inc. Postage meter having delayed generation of cryptographic security parameters
GB2410656A (en) * 2004-01-29 2005-08-03 Toshiba Res Europ Ltd Secure delivery of encryption key by splitting it amongst messages from many sources to hinder interception
US7894599B2 (en) 2006-12-04 2011-02-22 International Business Machines Corporation Enhanced data security with redundant inclusive data encryption segments

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7613812B2 (en) * 2002-12-04 2009-11-03 Microsoft Corporation Peer-to-peer identity management interfaces and methods
US7949996B2 (en) 2003-10-23 2011-05-24 Microsoft Corporation Peer-to-peer identity management managed interfaces and methods
US7496648B2 (en) * 2003-10-23 2009-02-24 Microsoft Corporation Managed peer name resolution protocol (PNRP) interfaces for peer to peer networking
US8688803B2 (en) 2004-03-26 2014-04-01 Microsoft Corporation Method for efficient content distribution using a peer-to-peer networking infrastructure
WO2006047694A1 (fr) * 2004-10-25 2006-05-04 Orsini Rick L Systeme analyseur syntaxique de donnees securise et procede correspondant
US7571228B2 (en) * 2005-04-22 2009-08-04 Microsoft Corporation Contact management in a serverless peer-to-peer system
US8036140B2 (en) * 2005-04-22 2011-10-11 Microsoft Corporation Application programming interface for inviting participants in a serverless peer to peer network
US8438115B2 (en) * 2005-09-23 2013-05-07 Pitney Bowes Inc. Method of securing postage data records in a postage printing device
CN105978683A (zh) 2005-11-18 2016-09-28 安全第公司 安全数据解析方法和系统
US8352482B2 (en) * 2009-07-21 2013-01-08 Vmware, Inc. System and method for replicating disk images in a cloud computing based virtual machine file system
US8234518B2 (en) * 2009-07-21 2012-07-31 Vmware, Inc. Method for voting with secret shares in a distributed system
US8352490B2 (en) * 2009-10-22 2013-01-08 Vmware, Inc. Method and system for locating update operations in a virtual machine disk image
US9443097B2 (en) 2010-03-31 2016-09-13 Security First Corp. Systems and methods for securing data in motion
CN105071936B (zh) 2010-09-20 2018-10-12 安全第一公司 用于安全数据共享的系统和方法
WO2013059871A1 (fr) 2011-10-28 2013-05-02 The Digital Filing Company Pty Ltd Registre
US9881177B2 (en) 2013-02-13 2018-01-30 Security First Corp. Systems and methods for a cryptographic file system layer
FR3024002B1 (fr) 2014-07-21 2018-04-27 Ercom Eng Reseaux Communications Procede de sauvegarde d'un secret d'un utilisateur et procede de restauration d'un secret d'un utilisateur
US10693639B2 (en) * 2017-02-28 2020-06-23 Blackberry Limited Recovering a key in a secure manner
US10957445B2 (en) 2017-10-05 2021-03-23 Hill-Rom Services, Inc. Caregiver and staff information system
WO2019143852A1 (fr) 2018-01-17 2019-07-25 Medici Ventrues, Inc. Système d'approbations multiples utilisant m de n clés pour effectuer une action sur un dispositif client
US11095446B2 (en) * 2018-02-27 2021-08-17 Anchor Labs, Inc. Cryptoasset custodial system with different rules governing access to logically separated cryptoassets and proof-of-stake blockchain support
EP3766204A4 (fr) * 2018-03-15 2021-12-15 tZERO IP, LLC Division de clé chiffrée et clé de chiffrement servant à chiffrer une clé en éléments de clé permettant l'assemblage avec un sous-ensemble d'éléments de clé pour déchiffrer une clé chiffrée
JP2021536166A (ja) * 2018-04-19 2021-12-23 ピーアイブイ セキュリティー エルエルシー ピア識別情報の検証
US11601264B2 (en) 2018-10-12 2023-03-07 Tzero Ip, Llc Encrypted asset encryption key parts allowing for assembly of an asset encryption key using a subset of the encrypted asset encryption key parts
US11082235B2 (en) 2019-02-14 2021-08-03 Anchor Labs, Inc. Cryptoasset custodial system with different cryptographic keys controlling access to separate groups of private keys
US11301845B2 (en) 2019-08-19 2022-04-12 Anchor Labs, Inc. Cryptoasset custodial system with proof-of-stake blockchain support
US11494763B2 (en) 2019-08-19 2022-11-08 Anchor Labs, Inc. Cryptoasset custodial system with custom logic
US11100497B2 (en) 2019-08-20 2021-08-24 Anchor Labs, Inc. Risk mitigation for a cryptoasset custodial system using a hardware security key
US11562349B2 (en) 2019-08-20 2023-01-24 Anchor Labs, Inc. Risk mitigation for a cryptoasset custodial system using data points from multiple mobile devices
US11501291B2 (en) 2019-08-23 2022-11-15 Anchor Labs, Inc. Cryptoasset custodial system using encrypted and distributed client keys
US11936787B2 (en) 2019-12-10 2024-03-19 Winkk, Inc. User identification proofing using a combination of user responses to system turing tests using biometric methods
US11328042B2 (en) 2019-12-10 2022-05-10 Winkk, Inc. Automated transparent login without saved credentials or passwords
US11553337B2 (en) 2019-12-10 2023-01-10 Winkk, Inc. Method and apparatus for encryption key exchange with enhanced security through opti-encryption channel
US11928193B2 (en) 2019-12-10 2024-03-12 Winkk, Inc. Multi-factor authentication using behavior and machine learning
US11574045B2 (en) 2019-12-10 2023-02-07 Winkk, Inc. Automated ID proofing using a random multitude of real-time behavioral biometric samplings
US11843943B2 (en) 2021-06-04 2023-12-12 Winkk, Inc. Dynamic key exchange for moving target
US11824999B2 (en) * 2021-08-13 2023-11-21 Winkk, Inc. Chosen-plaintext secure cryptosystem and authentication
WO2023158695A1 (fr) * 2022-02-15 2023-08-24 Google Llc Environnement sécurisé pour des opérations sur des données privées

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5276737A (en) * 1992-04-20 1994-01-04 Silvio Micali Fair cryptosystems and methods of use
US5557346A (en) * 1994-08-11 1996-09-17 Trusted Information Systems, Inc. System and method for key escrow encryption
US5764767A (en) * 1996-08-21 1998-06-09 Technion Research And Development Foundation Ltd. System for reconstruction of a secret shared by a plurality of participants
US5857022A (en) * 1994-01-13 1999-01-05 Certco Llc Enhanced cryptographic system and method with key escrow feature
US5937066A (en) * 1996-10-02 1999-08-10 International Business Machines Corporation Two-phase cryptographic key recovery system
US6041317A (en) * 1996-11-19 2000-03-21 Ascom Hasler Mailing Systems, Inc. Postal security device incorporating periodic and automatic self implementation of public/private key pair
US6052469A (en) * 1996-07-29 2000-04-18 International Business Machines Corporation Interoperable cryptographic key recovery system with verification by comparison

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5241597A (en) 1991-02-01 1993-08-31 Motorola, Inc. Method for recovering from encryption key variable loss
US5454038A (en) 1993-12-06 1995-09-26 Pitney Bowes Inc. Electronic data interchange postage evidencing system
JP4083218B2 (ja) * 1995-06-05 2008-04-30 サートコ・インコーポレーテッド マルチステップディジタル署名方法およびそのシステム
US5764772A (en) * 1995-12-15 1998-06-09 Lotus Development Coporation Differential work factor cryptography method and system
US5815573A (en) * 1996-04-10 1998-09-29 International Business Machines Corporation Cryptographic key recovery system

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5276737A (en) * 1992-04-20 1994-01-04 Silvio Micali Fair cryptosystems and methods of use
US5276737B1 (en) * 1992-04-20 1995-09-12 Silvio Micali Fair cryptosystems and methods of use
USRE35808E (en) * 1992-04-20 1998-05-26 Bankers Trust Company Fair cryptosystems and methods of use
US5857022A (en) * 1994-01-13 1999-01-05 Certco Llc Enhanced cryptographic system and method with key escrow feature
US5557346A (en) * 1994-08-11 1996-09-17 Trusted Information Systems, Inc. System and method for key escrow encryption
US5640454A (en) * 1994-08-11 1997-06-17 Trusted Information Systems, Inc. System and method for access field verification
US5956403A (en) * 1994-08-11 1999-09-21 Network Association, Inc. System and method for access field verification
US6052469A (en) * 1996-07-29 2000-04-18 International Business Machines Corporation Interoperable cryptographic key recovery system with verification by comparison
US5764767A (en) * 1996-08-21 1998-06-09 Technion Research And Development Foundation Ltd. System for reconstruction of a secret shared by a plurality of participants
US5937066A (en) * 1996-10-02 1999-08-10 International Business Machines Corporation Two-phase cryptographic key recovery system
US6041317A (en) * 1996-11-19 2000-03-21 Ascom Hasler Mailing Systems, Inc. Postal security device incorporating periodic and automatic self implementation of public/private key pair

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"SECRET SHARING", APPLIED CRYPTOGRAPHY, XX, XX, 1 January 1996 (1996-01-01), XX, pages 71 - 73, XP002931093 *
See also references of EP1183816A4 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6473743B1 (en) * 1999-12-28 2002-10-29 Pitney Bowes Inc. Postage meter having delayed generation of cryptographic security parameters
GB2410656A (en) * 2004-01-29 2005-08-03 Toshiba Res Europ Ltd Secure delivery of encryption key by splitting it amongst messages from many sources to hinder interception
GB2410656B (en) * 2004-01-29 2006-04-12 Toshiba Res Europ Ltd Communication device networks
US7894599B2 (en) 2006-12-04 2011-02-22 International Business Machines Corporation Enhanced data security with redundant inclusive data encryption segments

Also Published As

Publication number Publication date
US20080031460A1 (en) 2008-02-07
US7916871B2 (en) 2011-03-29
CA2374968A1 (fr) 2000-12-07
EP1183816A1 (fr) 2002-03-06
CA2374968C (fr) 2010-11-16
EP1183816A4 (fr) 2005-09-14

Similar Documents

Publication Publication Date Title
CA2374968C (fr) Technique d'etablissement de double de connaissances reparties et de recuperation d'une cle de chiffrement
EP0725512B1 (fr) Système de communication de données utilisant des clés publiques
US5142577A (en) Method and apparatus for authenticating messages
EP1374473B1 (fr) Procede et dispositif permettant de creer, de certifier et d'utiliser une cle cryptographique
US4458109A (en) Method and apparatus providing registered mail features in an electronic communication system
EP0539727B1 (fr) Sauvegarde/restauration d'environnement dans une installation cryptographique et duplication dans un système cryptographique à clé publique
US8583928B2 (en) Portable security transaction protocol
US7716491B2 (en) Generation and management of customer pin's
CN1565117B (zh) 数据验证方法和装置
JP3020958B2 (ja) 文書の真正さを確認する装置
US6079018A (en) System and method for generating unique secure values for digitally signing documents
US6061791A (en) Initial secret key establishment including facilities for verification of identity
EP1873960A1 (fr) Procédé de dérivation d'une clé de séance sur une carte à circuit imprimé
US6073125A (en) Token key distribution system controlled acceptance mail payment and evidencing system
US7039808B1 (en) Method for verifying a message signature
CN101110141A (zh) Ic卡上的密钥多样化的方法
JPH01197786A (ja) 複数の文書が真正であることを証明する装置
CN109918888B (zh) 基于公钥池的抗量子证书颁发方法及颁发系统
CN111639348B (zh) 数据库秘钥的管理方法及装置
JPH11298470A (ja) 鍵の配布方法およびシステム
EP0811955A2 (fr) Appareil sécurisé et procédé pour imprimer des valeurs avec une imprimante de valeur
US6738899B1 (en) Method for publishing certification information certified by a plurality of authorities and apparatus and portable data storage media used to practice said method
JP2788296B2 (ja) カード利用システム
US6847951B1 (en) Method for certifying public keys used to sign postal indicia and indicia so signed
EP0998074B1 (fr) Procédé de signature numérique ainsi que procédé et système de gestion d'une information secrète

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2000937559

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2374968

Country of ref document: CA

Ref country code: CA

Ref document number: 2374968

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 09979343

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 2000937559

Country of ref document: EP